What is claimed is: 



1 1 . A method for providing access to secure data through a portable computing 

2 system during a specified time, wherein said method comprises: 

3 establishing a connection between said portable computing system and a 

4 base computing system to provide for transfer of data between said portable 

5 computing system and said base computing system; 

6 verifying identity of said base computing system within said portable 

7 computing system; 

8 resetting a timer within said portable computing system to run for a specified 

9 time; and 

10 providing access to said secure data only when said timer is running. 

1 2. The method of claim 1 , wherein said step or verifying identity of said base 

2 computing system comprises: 

3 receiving and storing a public cryptographic key from said base computing 

4 system during an initialization process, 

5 following said initialization process, generating a random number within said 

6 portable computing system; 

7 transmitting said random number to said base computing system; 

8 receiving a number transmitted from said base computing system; 

9 decrypting said number transmitted from said base computing system to form 

10 a decrypted number; and 

1 1 determining that said decrypted number matches said random number. 

1 3. The method of claim 1 , additionally comprising a step of verifying whether a 

2 password is entered correctly in said portable computing system. 
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1 4. The method of claim 3, wherein said step of verifying whether a password is 

2 entered correctly includes: 

3 transmitting an initial password to said base computing system during an 

4 initialization process, 

5 storing said initial password within said base computing system; 

6 following said initialization process, transmitting a present password to said 

7 base computing system; 

8 determining in said base computing system that said initial password 

9 matches said present password; 

10 transmitting an approval code from said base computing system to said 

1 1 portable computing system; and 

12 determining that said approval code has been received. 

1 5. The method of claim 1, wherein said connection is established through a 

2 switched telephone network. 

1 6. The method of claim 1 , wherein 

2 said timer includes a timer register storing a number corresponding to a time 

3 remaining, 

4 said number corresponding to a time remaining is decremented in response 

5 to a series of timing pulses generated within said portable computing system, and 

6 setting said timer includes storing a number corresponding to said specified 

7 time in said timer register. 

1 7. A method providing for access to secure data through a portable computing 

2 system, wherein said access to said secure data is limited to a specified time, and 

3 wherein said method comprises: 

4 initializing a base computing system and said portable computing system to 

5 work together as a system by an initialization process comprising storing data 

6 identifying said base computing system within said portable computing system; and 
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7 resetting said portable computing system by a reset process following said 

8 initialization process including: 

9 establishing a connection to transmit data between said portable 

1 0 computing system and a base computing system; 

1 1 determining, using said data identifying said base computing system, 

12 that said connection has been made between said portable computing 

13 system and said base computing system; 

1 4 setting a timer within said portable computing system to run until said 

1 5 specified time has expired; 

1 6 determining if said timer is running; and 

1 7 providing access to said secure data only when said timer is running. 

1 8. The method of claim 7, wherein 

2 said initialization process additionally includes determining whether said data 

3 identifying a base computing system has been previously stored in said portable 

4 computing system; 

5 if said data identifying a base computing system is determined to have been 

6 previously stored, said data identifying a base computing system remains without 

7 being overwritten during said initialization process. 
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1 9. The method of claim 8, wherein said data identifying said base computing is 

2 a public cryptographic key of said base computing system, and wherein said 

3 process of determining that said connection has been made between said portable 

4 computing system and said base computing system includes: 

5 generating and storing random number within said portable computing 

6 system; 

7 transmitting said random number from said portable computing system to 

8 said base computing system; 

9 encrypting said random number within said base computing system with a 

10 private cryptographic key of said base computing system to form an encrypted 

11 number; 

1 2 transmitting said encrypted number from said base computing system to said 

13 portable computing system; 

1 4 decrypting said encrypted number within said portable computing system with 

15 said public cryptographic key of said base computing system to form a decrypted 

16 number; and 

17 comparing said decrypted number with said random number stored within 

18 said portable computing system. 

1 1 0. The method of claim 8, wherein 

2 said timer includes a timer register storing a number corresponding to a time 

3 remaining, 

4 said number corresponding to a time remaining is decremented in response 

5 to a series of timing pulses generated within said portable computing system, and 

6 setting said timer includes storing a number corresponding to said specified 

7 time in said timer register. 
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1 11. The method of claim 8, wherein 

2 said method additionally comprises receiving an input corresponding to a 

3 time, and 

4 setting said specified time according to said input. 

1 12. The method of claim 8, additionally comprising storing a cryptographic public 

2 cryptographic key of said portable computing system within said base computer 

3 system. 

1 13 The method of claim 8, wherein 

2 said initialization process additionally includes receiving a present password 

3 as an input, determining if a password has been previously stored, and storing said 

4 present password in response to a determination that said password has not been 

5 previously stored, and 

6 said reset process additionally includes receiving a present password as an 

7 input and determining if said password matches a stored password; 

8 said timer is set within said portable computing system only in response to 

9 a determination that said password matches said stored password. 

1 14. The method of claim 13, wherein 

2 said present password is received as an input within said portable computing 

3 system, 

4 said present password is transmitted from said portable computing system 

5 to said base computing system, 

6 said present password is stored within said base computing system following 

7 a determination that a password is not previously stored within said base computing 

8 system; 

9 a determination is made in said base computing system of whether said 
10 present password matches a stored password, 
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1 1 said reset process additionally includes transmitting an approval code from 

12 said base computing system to said portable computing system in response to a 

13 determination that said present password matches said stored password, and 

14 said timer is set within said portable computing system in response to 

15 receiving said approval code. 

1 1 5. The method of claim 1 4, wherein said data identifying said base computing 

2 is a public cryptographic key of said base computing system, and wherein 

3 said process of determining that said connection has been made between said 

4 portable computing system and said base computing system includes: 

5 generating and storing random number within said portable computing 

6 system; 

7 concatenating said random number and said present password within said 

8 portable computing system to form a concatenated number; 

9 encrypting said concatenated number within said portable computing system 

10 with said public cryptographic key of said base computing system to form a first 

1 1 encrypted number; 

1 2 transmitting said first encrypted number from said portable computing system 

13 to said base computing system; 

14 decrypting said first encrypted number within said base computing system 

1 5 with a private cryptographic key of said base computing system to form a decrypted 

16 number; 

17 dividing said decrypted number to form a decrypted random number and said 

18 present password; 

19 encrypting said decrypted random number within said base computing 

20 system with a private cryptographic key of said base computing system to form a 

21 second encrypted number; 

22 transmitting said second encrypted number from said base computing 

23 system to said portable computing system; 

24 decrypting said second encrypted number within said portable computing 
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25 system with said public cryptographic key of said base computing system to form 

26 a decrypted number; and 

27 comparing said decrypted number with said random number stored within 

28 said portable computing system. 
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1 1 6. A system for providing controlled access to secure data, wherein said system 

2 comprises: 

3 a portable computing system providing said controlled access to secure data 

4 during a specified time, wherein said portable computing system includes first 

5 processing means, first storage means, and a timer; 

6 a base computing system including second processing means and second 

7 storage means; 

8 a connection between said portable computing system and said base 

9 computing system for transmitting data between said portable computing system 

1 0 and said base computing system; and 

1 1 a first program, executing within said first processing means, causing said 

12 portable computing system to perform a process including: 

13 determining if a public cryptographic key is stored in a first location 

14 within said first storage means; 

15 in response to determining that a public cryptographic key is not 

1 6 stored in said first location, transmitting a request code, receiving said public 

17 cryptographic key, and storing said public cryptographic key in said first 

18 location; 

1 9 transmitting a first code; 

20 receiving a response to said first code; 

21 determining from said response to said first code if a connection has 

22 been made to said base computing system; and 

23 setting said timer to run until said specified time has expired; 

24 a subroutine executing within said first processing means, causing said 

25 portable computing system to perform a process including: 

26 determining if said timer is running; and 

27 providing access to said secure data only when said timer is running; 

28 and 

29 a second program, executing within said second processing means, causing 
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30 said base computing system to perform a process including: 

31 receiving said request code; 

32 in response to receiving said request code, transmitting a public 

33 cryptographic key of said base computing system to said portable computing 

34 system; 

35 receiving said first code; and 

36 in response to receiving said first code, transmitting said response to 

37 said first code. 

1 17. The system of claim 16, wherein 

2 said first storage means includes a timer register storing a number 

3 corresponding to a time remaining, 

4 said number corresponding to a time remaining is decremented in response 

5 to a series of timing pulses generated within said portable computing system, and 

6 setting said timer includes storing a number corresponding to said specified 

7 time in said timer register. 

1 18. The system of claim 17, wherein 

2 said step of transmitting a first code includes generating a random number, 

3 storing said random number in a second location within said first storage, and 

4 transmitting said random number to said base computing system as said first code, 

5 said step of transmitting said response to said first code includes encrypting 

6 said random number with a private cryptographic key of said base computing 

7 system to form an encrypted random number, and transmitting said encrypted 

8 random number as said response to said portable computing system as said 

9 response to said first code, and 

I o said step of determining from said response to said first code if a connection 

I I has been made to said base computing system includes decrypting said encrypted 

12 number to form a decrypted number and comparing said decrypted number with 

13 said random number stored in said second location within said first storage. 
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1 19. The system of claim 18, wherein 

2 said first processing means includes a first microprocessor and a first 

3 cryptographic processor, 

4 said encrypted number is decrypted in said first cryptographic processor, 

5 said first storage means includes first secure storage accessed only through 

6 said first cryptographic processor, and 

7 said first location and said timer register within said first storage means are 

8 within said secure storage. 

1 20. The system of claim 18, wherein 

2 said second processing means includes a second microprocessor and a 

3 second cryptographic processor, 

4 said random number is encrypted to form said encrypted number within said 

5 second cryptographic processor, 

6 said second storage means includes second secure storage accessed only 

7 through said second cryptographic processor, and 

8 said private cryptographic key of said base computing system is stored within 

9 said second secure storage. 
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1 21 . The system of claim 1 6, wherein 

2 said portable computing system additionally includes a display, 

3 said first program additionally causes a successful completion message to 

4 be displayed on said display in response to a determination from said response to 

5 said first code that a connection has been made to said base computing system, 

6 and 

7 said first program additionally causes an error message to be displayed on 

8 said display in response to a determination from said response to said first code 

9 that a connection has not been made to said base computing system. 

1 22. The system of claim 16, wherein 

2 said portable computing system additionally includes a display and a 

3 keyboard, and 

4 said first program causes said portable computing to perform a process 

5 additionally including displaying a menu, receiving a user input from said keyboard 

6 as said menu is displayed, and determining said specified time from said user input. 

1 23. The system of claim 16, wherein 

2 said portable computing system additionally includes a display and a 

3 keyboard, 

4 said first program causes said portable computing to perform a process 

5 additionally including displaying a menu and receiving a password from said 

6 keyboard as said menu is displayed, 

7 said step of transmitting a first code includes: 

8 generating a random number; 

9 storing said random number in a second location within said first 

10 storage; 

1 1 concatenating said random number with said password to form a 

12 concatenated number, 
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1 3 encrypting said concatenated number with a private cryptographic key 

14 of said portable computer system stored in a third location within said first 

15 storage means to form said first code; and 

16 transmitting said random number to said base computing system as 

17 said first code, 

1 8 said step of transmitting said response to said first code includes: 

1 9 decrypting said first code with a private cryptographic key of said base 

20 computing stored in a fourth location within said second storage means; 

21 separating said password from said random number; 

22 determining whether said password separated from said random 

23 number matches a password stored; 

24 encrypting said random number with a private cryptographic key of 

25 said base computing system to form an encrypted random number, and 

26 determining if and transmitting said encrypted random number as said 

27 response to said portable computing system as said response to said first 

28 code, 

29 said second program causes said base computing system to perform a 

30 process additionally including: 

31 determining if a password is stored in a fifth location within said 

32 second storage means; 

33 in response to a determination that a password is not stored in said 

34 fifth location, storing said password separated from said random number in 

35 said fifth location; 

36 in response to a determination that a password is stored in said fifth 

37 location, comparing said password stored in said fifth location with said 

38 password separated from said random number; 

39 in response to determining that said password stored in said fifth 

40 location matches said password separated from said random number, 

41 encrypting said random number and to form a transmitting an approval code 

42 to said portable computing system as said response to said first code; and 
RPS9-2001-0049-US1 

Page 35 of 42 



43 said step of determining from said response to said first code if a connection 

44 has been made to said base computing system includes determining that said 

45 approval code has been received. 

1 24. The system of claim 23, wherein 

2 said second program causes said base computing system to perform a 

3 process additionally including, in response to determining that said password stored 

4 in said fifth location does not match said password separated from said random 

5 number, transmitting an error code to said portable computing system as said 

6 response to said first code 

7 said first program causes said portable computing to perform a process 

8 additionally including displaying a successful completion message on said display 

9 in response to receiving said approval code, and displaying an error message on 
1 0 said display in response to receiving said error code. 

1 25. The system of claim 23, wherein 

2 said first storage means includes a timer register storing a number 

3 corresponding to a time remaining, 

4 said number corresponding to a time remaining is decremented in response 

5 to a series of timing pulses generated within said portable computing system, and 

6 setting said timer includes storing a number corresponding to said specified 

7 time in said timer register. 

1 26. The system of claim 23, wherein 

2 said first processing means includes a first microprocessor and a first 

3 cryptographic processor, 

4 said concatenated number is encrypted in said first cryptographic processor, 

5 said first storage means includes first secure storage accessed only through 

6 said first cryptographic processor, and 

7 said secure storage includes said first location, said third location, and said 
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8 



timer register within said first storage means. 



1 27. The system of claim 23, wherein 

2 said second processing means includes a second microprocessor and a 

3 second cryptographic processor, 

4 said random number is encrypted to form said encrypted number within said 

5 second cryptographic processor, 

6 said second storage means includes second secure storage accessed only 

7 through said second cryptographic processor, and 

8 said fourth and fifth locations within said second storage means are within 

9 said second secure storage. 

1 28. The system of claim 23, wherein 

2 said step of transmitting a request code includes transmitting a public 

3 cryptographic key of said portable computing system, and 

4 said step of receiving a request code includes storing said public 

5 cryptographic key of said portable computing system in a sixth location within said 

6 second storage means. 

1 29. A computer readable medium within a portable computing system, wherein 

2 said computer readable medium has computer readable instructions for performing 

3 a method comprising: 

4 determining if a public cryptographic key is stored in a first location within 

5 said first storage means; 

6 in response to determining that a public cryptographic key is not stored in 

7 said first location, transmitting a request code, receiving said public cryptographic 

8 key, and storing said public cryptographic key in said first location; 

9 transmitting a first code; 

1 0 receiving a response to said first code; 

1 1 determining from said response to said first code if a connection has been 
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13 



made to a base computing system; and 

setting a timer to run until a specified time has expired. 



1 30. The computer readable medium of claim 29, wherein said step of setting aid 

2 timer includes storing a number corresponding to said specified time in a timer 

3 register. 

1 31 . The computer readable medium of claim 29, wherein 

2 said step of transmitting a first code includes generating and storing a 

3 random number, and transmitting said random number to said base computing 

4 system as said first code, and 

5 said step of determining from said response to said first code if a connection 

6 has been made to a base computing system includes decrypting an encrypted 

7 number to form a decrypted number and comparing said decrypted number with 

8 said random number. 

1 32. The computer readable medium of claim 29, wherein said method 

2 additionally comprises: 

3 displaying a successful completion message in response to receiving an 

4 approval code; and 

5 displaying an error message in response to receiving an error code. 

1 33. The computer readable medium of claim 29, wherein said method 

2 additionally comprises: 

3 displaying a menu; 

4 receiving an input from a keyboard as said menu is displayed; and 

5 determining said specified time from said input. 

1 34. The computer readable medium of claim 29, wherein 

2 said method additionally includes displaying a menu and receiving a 
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3 password from a keyboard as said menu is displayed, 

4 said step of transmitting a first code includes: 

5 generating a random number; 

6 storing said random number in a second location within said first 

7 storage; 

8 concatenating said random number with said password to form a 

9 concatenated number, 

1 0 encrypting said concatenated number with a private cryptographic key 

1 1 of said portable computer system stored in a third location within said first 

12 storage means to form said first code; and 

1 3 transmitting said random number to said base computing system as 

14 said first code. 

1 35. In a portable computing system having a user interface including a display 

2 and a keyboard, a method for limiting access to secure data to a specified time, 

3 wherein said method comprises: 

4 displaying a screen location for entering a number; 

5 accepting an input from said keyboard; 

6 displaying said input from said keyboard in said screen location; 

7 calculating a number determining said specified time as a function of said 

8 input from said keyboard; 

9 generating a random number; 

1 0 transmitting said random number to a base computing system; 

1 1 receiving an encrypted number from said base computing system, 

12 decrypting said encrypted number with a public cryptographic key stored 

13 within said portable computing system to form a decrypted number; 

14 determining if said random number matches said decrypted number; and 

1 5 in response to determining that said random number matches said decrypted 

16 number, setting a timer within said portable computing system to run for said 

1 7 specified time, wherein said access to secure data is provided only when said time 
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18 is running. 

1 36. The method of claim 35, additionally comprising: 

2 displaying a successful completion message in response to determining that 

3 said random number matches said decrypted number; and 

4 displaying an error message in response to determining that said random 

5 number does not match said decrypted number. 

1 37. In a portable computing system having a user interface including a display 

2 and a keyboard, a method for limiting access to secure data to a specified time, 

3 wherein said method comprises: 

4 displaying a first screen location for entering a password and a second 

5 screen location for entering a number; 

6 accepting a first input from said keyboard; 

7 generating a password from said first input; 

8 accepting a second input from said keyboard; 

9 displaying said input from said keyboard in said second screen location; 

1 0 calculating a number determining said specified time as a function of said 

1 1 second input from said keyboard; 

12 generating a random number; 

13 encrypting said password with a public cryptographic key stored in said 

14 portable computing system; 

1 5 transmitting said random number to a base computing system; 

1 6 receiving an encrypted number from said base computing system, 

1 7 decrypting said encrypted number with said public cryptographic key stored 

1 8 within said portable computing system to form a decrypted number; 

1 9 determining if said random number matches said decrypted number; and 

20 in response to determining that said random number matches said decrypted 

21 number, setting a timer within said portable computing system to run for said 

22 specified time, wherein said access to secure data is provided only when said time 
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is running. 



1 38. The method of claim 35, additionally comprising: 

2 displaying a successful completion message in response to determining that 

3 said random number matches said decrypted number; and 

4 displaying an error message in response to determining that said random 

5 number does not match said decrypted number and in response to receiving an 

6 error code from said base system. 
7 
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